How Hackers Slipped by British Airways’ Data Defenses

Researchers have published details on the recent British Airways hack, connecting it to a criminal network active since 2015. The group is otherwise known for taking advantage of websites that have failed to secure payment data entry forms and skimming data submissions. The British Airways attack, however, seemed to be a more complex attack designed more specifically for the company and its specific infrastructure. “The British Airways attack we see as an extension of this campaign where they’ve set up specialized infrastructure mimicking the victim site.” The hackers likely “injected” their own code into poorly secured portions of the existing websites, which would not involve penetrating an entire network and would also explain the set timeframe of data that was stolen.

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.